Security Policy: Difference between revisions
Jump to navigation
Jump to search
| Line 173: | Line 173: | ||
#determine the necessary competence of person(s) doing work under its control that affects its information security performance; | #determine the necessary competence of person(s) doing work under its control that affects its information security performance; | ||
#ensure that these persons are competent on the basis of appropriate education, training, or experience; | #ensure that these persons are competent on the basis of appropriate education, training, or experience; | ||
#where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken; and | #where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken; and | ||
#retain appropriate documented information as evidence of competence. | #retain appropriate documented information as evidence of competence. | ||